NATO IST 091 # 18
Robert Charpentier, DRDC Valcartier
Dr. Mourad Debbabi, Concordia University
November 22nd – 23rd, 2010
Trusted Free and Open Source Software (FOSS): FOSS Hardening
FOSS Project History
• Overview, Guidelines
• FOSS in mil (military)
• Support Options
• Defensive Design
• FOSS Auditing
• FOSS Hardening
• Architectures for Hostile Environments
Timeline: 2003-04, 2005, 2005, 2005-06, 2006-09, 2008-11
FOSS: Free and Open Source Software
Lessons Learned with FOSS
• Adoption of Open Standards should be prioritized
• FOSS must be selected on its technical advantages
• Hybrid architectures using COTS and FOSS are often best
• Access to source code has proven very beneficial and practical
• FOSS offers more options for long-term maintenance
Preprogrammed Security
(Diagram: Preprogrammed Security + Existing Software → Software Weaving → Secure Software)
Ref: TFOSS project (2006 – 2009) – Concordia, DRDC, NSERC & Bell
TFOSS Project Themes
TFOSS Project
TFOSS Students
1. Vulnerability Detection:
2 Ph.D. + 2 M.Sc.
2. Security Hardening Patterns and Plans:
1 Ph.D. + 1 M.Sc.
3. AOP Security Weaving:
2 Ph.D. + 1 M.Sc.
AOP: Aspect-Oriented Programming
Security Hardening Definition
• Process and methodology used, on existing software, to
– remove vulnerabilities, and/or
– add security functionality, and/or
– prevent the exploitation of those vulnerabilities
Analysis and Hardening on GIMPLE
(Diagram: Java/C++/C/ADA/Fortran … → GCC front ends → GIMPLE, where the analysis runs and the Security Features are woven in → Secured Executable)
• Facilitate introducing new security features into AOP languages.
• Unify pointcut matching and advice weaving across mainstream languages, with one implementation at the GIMPLE level.
GCC: GNU Compiler Collection
Hardening on GIMPLE
Case Studies
• Inspired by CERT and US Homeland Security coding rules
• Vulnerabilities:
– Unsafe creation of chroot jail
– TOCTOU (time-of-check-to-time-of-use) race conditions
– Unsafe temporary file creation
– Use of deprecated function
– Etc.
• Well-known FOSS packages:
– Openssh-5.0p1 (encryption and authentication)
– Shadow-4.1.1 (handles passwords)
– Patchutils-0.1.5 (operates on patch files)
– Binutils-2.19.1 (manipulation of object code)
– Inn-2.4.6 (news server)
– Etc.
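The weakness classes listed above, as an added C example that is not code from the TFOSS project or from any of the packages named on the slide: each unsafe idiom that a checker of this kind flags is placed next to the hardened form one would want woven in. Function names, the /tmp paths and the constructed inputs are illustrative; the chroot sequence is shown but not exercised, since chroot() needs CAP_SYS_CHROOT.

```c
/* Added example (not TFOSS code): unsafe idioms next to hardened forms.
 * Names and paths are illustrative. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1. TOCTOU: access() and open() are two system calls, so the path can be
 *    repointed (e.g. at a symlink to a sensitive file) between them. The
 *    check says nothing about the file that is eventually opened. */
int open_if_readable_unsafe(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);
}

/* Hardened: decide on the opened descriptor, not on the name. O_NOFOLLOW
 * refuses a symlink as the final component, fstat() refuses anything that
 * is not a regular file, O_CLOEXEC keeps the fd out of child processes. */
int open_regular_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 2. Temporary files: a predictable name from tmpnam()/mktemp() followed by
 *    a separate open() lets an attacker pre-create or symlink the path.
 *    mkstemp() picks the name and creates the file (O_EXCL, mode 0600) in
 *    one step. tmpl must end in "XXXXXX" and is overwritten with the name. */
int tempfile_safe(char *tmpl)
{
    return mkstemp(tmpl);
}

/* 3. Deprecated/unbounded functions: strcpy() overruns dst when src is too
 *    long. The bounded form always terminates dst and reports truncation
 *    (returns 1) so the caller can reject the input instead of using it. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0)
        return -1;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* 4. chroot jail: chroot() alone leaves the working directory outside the
 *    jail, and a process that keeps root can chroot() again to escape.
 *    Hardened order: chdir into the jail, chroot, chdir("/"), then drop the
 *    group and user ids. Needs CAP_SYS_CHROOT, so run_checks() skips it. */
int enter_jail_safe(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0 || chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}

/* Exercise the hardened forms against real files under /tmp (constructed
 * inputs); returns the number of checks that passed, 4 when all behave. */
int run_checks(void)
{
    char tmpl[] = "/tmp/tfoss-XXXXXX", link[64], buf[8];
    int passed = 0, fd = tempfile_safe(tmpl);
    if (fd < 0)
        return 0;
    close(fd);
    passed += (open_regular_safe("/") == -1);          /* directory refused */
    fd = open_regular_safe(tmpl);
    passed += (fd >= 0);                                /* regular file accepted */
    if (fd >= 0)
        close(fd);
    snprintf(link, sizeof link, "%s.lnk", tmpl);
    if (symlink(tmpl, link) == 0) {
        passed += (open_regular_safe(link) == -1);      /* symlink refused */
        unlink(link);
    }
    passed += (copy_bounded(buf, sizeof buf, "0123456789") == 1
               && strcmp(buf, "0123456") == 0);         /* truncated, terminated */
    unlink(tmpl);
    return passed;
}

int main(void)
{
    printf("%d of 4 hardening checks passed\n", run_checks());
    return 0;
}
```

The pattern in each pair is the one a GIMPLE-level checker looks for: the unsafe form splits one security decision across two calls (check/use, name/open, copy/length) or omits a call the idiom requires (chdir("/") and the privilege drop after chroot()), while the hardened form makes the decision on a single kernel object or in a single bounded operation.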
Implementation & Experiment
• Analyzed packages: 35 Linux packages written in C
– apache-1.3.41, krb5-1.6, binutils-2.19.1, openssh-5.0p1, shadow-4.1.2.2, inn-2.4.6, openca-tools-1.1.0, freeradius-2.1.3, amanda-2.5.1p2, zebra-0.95a, etc.
• Experiment result summary (table not reproduced); column legend:
– Error: total reported errors
– Err: real errors
– FP: false positives
– DN: statically undecidable errors
Race Conditions
(Results table: Race Condition / TOCTTOU)
Temporary Files
(Results table: Temporary File Errors)
Data Flow Analysis
(Chart: Comparison between Data Flow Analysis and Control Flow Analysis)
Conclusion
• Methodologies, Techniques & Toolsets:
– For security evaluation of software:
• Assisted vulnerability detection in GIMPLE
• Automated test generation (not covered today)
– For security hardening:
• Automated code injection in GIMPLE (i.e. in GCC)
• Results available to the NATO community
TFOSS Project Team (11 March 2008)
TFOSS Lead Team
Dr. M. Debbabi + 3 other Professors, Concordia University
R. Charpentier + Capt. J. Furlong, DRDC and CF
R. Low + 2 Bell analysts, Bell Canada
Thanks to: Marc-André Laverdière, Nadia Belbidia, Syrine Tlili, Dima Alhadidi, Aiman Hanna, Xiaochun Yang, Azzam Mourad, Zhenrong Yang, Amine Boukhetouta, Rachid Hadjidj, Hakim Idrissi Kaitouni, Hai Zhou Ling
Bell Canada and NSERC